PT-2011-1580 · Oracle · Java Runtime Environment

Konstantin Preißer

Published 2011-02-11 · Updated 2022-05-14 · CVE-2010-4476

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Java Runtime Environment (JRE) 6 Update 23 and earlier
Java Runtime Environment (JRE) 5.0 Update 27 and earlier
Java Runtime Environment (JRE) 1.4.2 Update 29 and earlier

Description
The Double.parseDouble method can enter an infinite loop while converting a crafted decimal string to a double-precision binary floating-point number: the estimation step that refines the candidate result keeps oscillating between two neighbouring values and never converges. The string 2.2250738585072012e-308 demonstrates the issue; it sits on the rounding boundary between the largest subnormal and the smallest normal double, and other decimal spellings of the same value trigger the same loop. Any code path that hands attacker-controlled text to Double.parseDouble (or to Double.valueOf and the Double(String) constructor, which share the same parser) therefore lets a remote attacker pin a thread at full CPU and cause a denial of service without authentication.

Recommendations
Update each affected line (JRE 6 Update 23 and earlier, JRE 5.0 Update 27 and earlier, JRE 1.4.2 Update 29 and earlier) to a release that includes the fix for this issue; where the JRE is shipped by the platform vendor, apply the corresponding vendor update listed under Related identifiers. As a temporary workaround, do not pass untrusted input to Double.parseDouble (or the equivalent Double.valueOf / Double(String) paths) until the patch is in place; where parsing cannot be avoided, bound it with a time limit so that a hung conversion cannot block the request thread indefinitely.
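The following is an added example, not code from the advisory or from Oracle: a small wrapper that runs Double.parseDouble on a worker thread with a wall-clock budget, which implements the "bound it with a time limit" workaround above and doubles as a check of whether the running JRE is affected. The class name, the timeout values and the `STRANDED` counter are this example's own choices; the trigger string is the one from the advisory.

```java
import java.util.Optional;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.atomic.AtomicInteger;

/**
 * Added example (not part of the advisory): parse untrusted decimal strings
 * with a time budget so a JRE affected by CVE-2010-4476 cannot block the
 * calling thread forever.
 */
public final class GuardedDoubleParser {

    /** The string from the advisory; on an unpatched JRE, parsing it never returns. */
    static final String TRIGGER = "2.2250738585072012e-308";

    /** Counts parses that timed out; each one leaves a spinning worker behind. */
    static final AtomicInteger STRANDED = new AtomicInteger();

    // Daemon threads so a runaway parse cannot keep the JVM alive at shutdown.
    // A cached pool is used deliberately: a single-thread executor would queue
    // every later parse behind the first stuck one.
    private static final ExecutorService WORKERS = Executors.newCachedThreadPool(r -> {
        Thread t = new Thread(r, "guarded-double-parser");
        t.setDaemon(true);
        return t;
    });

    private GuardedDoubleParser() {}

    /**
     * Parses {@code input} like Double.parseDouble, but gives up after
     * {@code timeoutMillis}. Returns Optional.empty() on timeout; malformed
     * input still raises NumberFormatException, as with the plain call.
     */
    public static Optional<Double> parse(String input, long timeoutMillis) {
        Future<Double> f = WORKERS.submit(() -> Double.parseDouble(input));
        try {
            return Optional.of(f.get(timeoutMillis, TimeUnit.MILLISECONDS));
        } catch (TimeoutException e) {
            // parseDouble never polls Thread.interrupted(), so cancel(true)
            // does not stop the loop; it only detaches the Future. The worker
            // keeps burning one core, which is why STRANDED is tracked.
            f.cancel(true);
            STRANDED.incrementAndGet();
            return Optional.empty();
        } catch (ExecutionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof NumberFormatException) {
                throw (NumberFormatException) cause;
            }
            throw new IllegalStateException("unexpected failure in parseDouble", cause);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return Optional.empty();
        }
    }

    /** True when the advisory's trigger does not parse within two seconds. */
    public static boolean runtimeLooksAffected() {
        return !parse(TRIGGER, 2000).isPresent();
    }

    public static void main(String[] args) {
        System.out.println("ordinary input : " + parse("3.14159", 500));
        // The hexadecimal form of the same boundary value takes a different
        // code path and parses on every JRE.
        System.out.println("hex boundary   : " + parse("0x1p-1022", 500));
        System.out.println("JRE affected by CVE-2010-4476? " + runtimeLooksAffected());
        System.out.println("stranded workers: " + STRANDED.get());
    }
}
```

The guard protects the request thread, not the machine: on an affected JRE every timed-out parse leaves a worker spinning at 100% CPU, so treat a non-zero `STRANDED` count as a signal to patch rather than as a steady-state defence. `runtimeLooksAffected()` can also report true on a heavily loaded host that simply did not finish within two seconds, so confirm a positive result against the installed JRE version before acting on it.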

Exploit

Fix


Related identifiers

CVE-2010-4476
DSA-2161-1
DSA-2161-2
GHSA-GVGC-RXMH-5HVW
HPSBUX02645
HPSBUX02725
HPSBUX02777
HPSBUX02860
RHSA-2011:0210
RHSA-2011:0211
RHSA-2011:0214
RHSA-2011:0282
RHSA-2011:0290
RHSA-2011:0291
RHSA-2011:0292
RHSA-2011:0299
RHSA-2011:0335
RHSA-2011:0336
RHSA-2011:0348
RHSA-2011:0349
RHSA-2011:0880

Affected products

HP-UX
Java Platform
Java Runtime Environment
Red Hat